oss-sec mailing list archives

Re: vulnerabilities in busybox tar and cpio tools

From: Salvatore Bonaccorso <carnil () debian org>
Date: Wed, 23 Apr 2025 22:48:23 +0200

Hi,

On Wed, Apr 23, 2025 at 05:38:17PM +0200, Ricardo Branco wrote:

I reported this one in busybox's netstat a year ago:

https://bugs.busybox.net/show_bug.cgi?id=15922


The whole code needs a security audit for ANSI escapes like this.


FTR, this one has CVE-2024-58251 assigned.

Regards,
Salvatore

Current thread:

vulnerabilities in busybox tar and cpio tools Ian Norton (Apr 23)
- Re: vulnerabilities in busybox tar and cpio tools Ricardo Branco (Apr 23)
  - Re: vulnerabilities in busybox tar and cpio tools Salvatore Bonaccorso (Apr 23)
    - Re: vulnerabilities in busybox tar and cpio tools Albert Veli (Apr 24)
    - Re: [EXTERNAL] Re: [oss-security] vulnerabilities in busybox tar and cpio tools Ian Norton (Apr 24)
    - Re: vulnerabilities in busybox tar and cpio tools Demi Marie Obenour (Apr 24)
    - Re: vulnerabilities in busybox tar and cpio tools Solar Designer (Apr 24)
    - Re: vulnerabilities in busybox tar and cpio tools Demi Marie Obenour (Apr 25)
- Re: vulnerabilities in busybox tar and cpio tools Jakub Wilk (Apr 23)
  - Re: [EXTERNAL] Re: [oss-security] vulnerabilities in busybox tar and cpio tools Ian Norton (Apr 24)
- Re: vulnerabilities in busybox tar and cpio tools Salvatore Bonaccorso (Apr 23)